Please include the Introspection End-point URL in the configuration of the OIDC module.
We would like to use Introspection (RFC7662) provided by the IdP to verify the access-token passed from the IdP, but the current (3.1.0) OIDC module does not have an Introspection End-point URL.
The Introspection end-point URL is generally a value available through OpenID Connect Discovery, and we feel it would be wasteful to consider how to retain the Introspection URL separately for each application. Therefore, we believe it should be held in the OIDC module.
You are right, the OIDC SSO module doesn’t currently support introspection. It validates the ID-token only.
Support of introspection is on the backlog, but not yet planned.
The module is already consuming the well-known endpoint where the introspection endpoint would also be indicated. Do I understand correctly you would like to have access to that URL? Have you been able to implement token introspection already? What is your use case for doing that:
- access token (AT) is not a JWT?
- validate AT hasn't been revoked at the IDP?
- obtain more information about user?
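
The flow discussed in this thread, as an added example that is not part of the thread or the OIDC module's code: read `introspection_endpoint` from the discovery document, build the RFC 7662 request, and fail closed on the response. The IdP host, client credentials and sample JSON are constructed, and HTTP Basic client authentication is an assumption about the IdP.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed sample data for a hypothetical IdP at idp.example.com.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://idp.example.com",
    "introspection_endpoint": "https://idp.example.com/oauth2/introspect",
})
ACTIVE_RESPONSE = json.dumps({"active": True, "sub": "user-1", "exp": 4102444800})
REVOKED_RESPONSE = json.dumps({"active": False})


def introspection_url(discovery_json):
    """Return the introspection endpoint from discovery metadata, or None."""
    url = json.loads(discovery_json).get("introspection_endpoint")
    if url is None:
        return None  # IdP does not advertise introspection
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("introspection endpoint must use https")
    return url


def build_request(url, token, client_id, client_secret):
    """Build (but do not send) the RFC 7662 section 2.1 POST request."""
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"})
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    return urllib.request.Request(url, data=body.encode(), method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
    })


def accept_token(response_json, now=None):
    """Return the claims if the token is usable, else None (fail closed)."""
    claims = json.loads(response_json)
    if claims.get("active") is not True:  # revoked, expired or unknown token
        return None
    exp = claims.get("exp")
    if exp is not None and exp <= (time.time() if now is None else now):
        return None  # defensive check in case a stale response is replayed
    return claims
```

Only the boolean `active: true` is accepted; a missing field or a string such as `"true"` is treated as an inactive token.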